APPLE-SA-11-03-2025-4 macOS Sonoma 14.8.2

[Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-11-03-2025-4 macOS Sonoma 14.8.2

macOS Sonoma 14.8.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125636.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Admin Framework
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: A logic issue was addressed with improved checks.
CVE-2025-43322: Ryan Dowd (@_rdowd)

AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A downgrade issue affecting Intel-based Mac computers was
addressed with additional code-signing restrictions.
CVE-2025-43468: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved validation of
symlinks.
CVE-2025-43379: Gergely Kalman (@gergely_kalman)

AppleMobileFileIntegrity
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43469: Mickey Jin (@patch1t)

ASP TCP
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: A use after free issue was addressed with improved memory
management.
CVE-2025-43478: Joseph Ravichandran (@0xjprx) of MIT CSAIL, Dave G.
(supernetworks.org)

Assets
Available for: macOS Sonoma
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved entitlements.
CVE-2025-43407: JZ

Assets
Available for: macOS Sonoma
Impact: An app may be able to modify protected parts of the file system
Description: This issue was addressed with improved validation of
symlinks.
CVE-2025-43446: Zhongcheng Li from IES Red Team of ByteDance

Audio
Available for: macOS Sonoma
Impact: A malicious app may be able to read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2025-43361: Michael Reeves (@IntegralPilot)

bash
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: A validation issue was addressed with improved input
sanitization.
CVE-2025-43472: Morris Richman (@morrisinlife)

bootp
Available for: macOS Sonoma
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved handling of
symlinks.
CVE-2025-43394: Csaba Fitzl (@theevilbit) of Kandji

CloudKit
Available for: macOS Sonoma
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved validation of
symlinks.
CVE-2025-43448: Hikerell (Loadshine Lab)

configd
Available for: macOS Sonoma
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved handling of
symlinks.
CVE-2025-43395: Csaba Fitzl (@theevilbit) of Kandji

CoreAnimation
Available for: macOS Sonoma
Impact: A remote attacker may be able to cause a denial-of-service
Description: A denial-of-service issue was addressed with improved
validation.
CVE-2025-43401: 이동하 (Lee Dong Ha of BoB 14th), wac working with Trend
Micro Zero Day Initiative

CoreServices
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43479: an anonymous researcher

CoreServices
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2025-43382: Gergely Kalman (@gergely_kalman)

CoreText
Available for: macOS Sonoma
Impact: Processing a maliciously crafted media file may lead to
unexpected app termination or corrupt process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2025-43445: Hossein Lotfi (@hosselot) of Trend Micro Zero Day
Initiative

Dock
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A race condition was addressed with improved state
handling.
CVE-2025-43420: Rodolphe BRUNETTI (@eisw0lf) of Lupus Nova

FileProvider
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: An authorization issue was addressed with improved state
management.
CVE-2025-43498: pattern-f (@pattern_F_)

Finder
Available for: macOS Sonoma
Impact: An app may bypass Gatekeeper checks
Description: A logic issue was addressed with improved validation.
CVE-2025-43348: Ferdous Saljooki (@malwarezoo) of Jamf

GPU Drivers
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination or
read kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2025-43474: Murray Mike

ImageIO
Available for: macOS Sonoma
Impact: Processing a maliciously crafted media file may lead to
unexpected app termination or corrupt process memory
Description: The issue was addressed with improved input validation.
CVE-2025-43372: 이동하 (Lee Dong Ha) of SSA Lab

ImageIO
Available for: macOS Sonoma
Impact: Processing a maliciously crafted media file may lead to
unexpected app termination or corrupt process memory
Description: An out-of-bounds access issue was addressed with improved
bounds checking.
CVE-2025-43338: 이동하 (Lee Dong Ha) of SSA Lab

Installer
Available for: macOS Sonoma
Impact: A sandboxed app may be able to access sensitive user data
Description: A logic issue was addressed with improved checks.
CVE-2025-43396: an anonymous researcher

Kernel
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: The issue was addressed with improved memory handling.
CVE-2025-43398: Cristian Dinca (icmd.tech)

libxpc
Available for: macOS Sonoma
Impact: A sandboxed app may be able to observe system-wide network
connections
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2025-43413: Dave G. and Alex Radocea of supernetworks.org

Notes
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed by removing the vulnerable
code.
CVE-2025-43389: Kirin (@Pwnrin)

NSSpellChecker
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43469: Mickey Jin (@patch1t)

PackageKit
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed with additional entitlement
checks.
CVE-2025-43411: an anonymous researcher

Photos
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: A permissions issue was addressed with additional sandbox
restrictions.
CVE-2025-43405: an anonymous researcher

Photos
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved handling of
temporary files.
CVE-2025-43391: Asaf Cohen

Ruby
Available for: macOS Sonoma
Impact: Multiple issues in ruby
Description: This is a vulnerability in open source code and Apple
Software is among the affected projects. The CVE-ID was assigned by a
third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-43398
CVE-2024-49761
CVE-2025-6442

Security
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed by adding additional logic.
CVE-2025-43335: Csaba Fitzl (@theevilbit) of Kandji

Share Sheet
Available for: macOS Sonoma
Impact: An attacker with physical access may be able to access contacts
from the lock screen
Description: This issue was addressed by restricting options offered on
a locked device.
CVE-2025-43408: Vivek Dhar, ASI (RM) in Border Security Force, FTR HQ
BSF Kashmir

SharedFileList
Available for: macOS Sonoma
Impact: An app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43476: Mickey Jin (@patch1t)

Shortcuts
Available for: macOS Sonoma
Impact: A shortcut may be able to access files that are normally
inaccessible to the Shortcuts app
Description: A permissions issue was addressed with improved validation.
CVE-2025-30465: an anonymous researcher
CVE-2025-43414: an anonymous researcher

Shortcuts
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with additional entitlement
checks.
CVE-2025-43499: an anonymous researcher

sips
Available for: macOS Sonoma
Impact: Parsing a file may lead to an unexpected app termination
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2025-43380: Nikolai Skliarenko of Trend Micro Zero Day Initiative

Siri
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2025-43477: Kirin (@Pwnrin)

SoftwareUpdate
Available for: macOS Sonoma
Impact: An app with root privileges may be able to access private
information
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-43336: Rodolphe BRUNETTI (@eisw0lf) of Lupus Nova

SoftwareUpdate
Available for: macOS Sonoma
Impact: An app may be able to cause a denial-of-service
Description: A permissions issue was addressed by removing the
vulnerable code.
CVE-2025-43397: Csaba Fitzl (@theevilbit) of Kandji

Spotlight
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2025-31199: Jonathan Bar Or (@yo_yo_yo_jbo) of Microsoft, Alexia
Wilson of Microsoft, Christine Fossaceca of Microsoft

sudo
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed with additional entitlement
checks.
CVE-2025-43334: Gergely Kalman (@gergely_kalman)

System Settings
Available for: macOS Sonoma
Impact: An app may bypass Gatekeeper checks
Description: A logic issue was addressed with improved validation.
CVE-2025-43348: Ferdous Saljooki (@malwarezoo) of Jamf

TCC
Available for: macOS Sonoma
Impact: An app may be able to break out of its sandbox
Description: A file quarantine bypass was addressed with additional
checks.
CVE-2025-43412: Mickey Jin (@patch1t)

Wi-Fi
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination or
corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2025-43373: Wang Yu of Cyberserval

zsh
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: A validation issue was addressed with improved input
sanitization.
CVE-2025-43472: Morris Richman (@morrisinlife)

macOS Sonoma 14.8.2 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEhjkl+zMLNwFiCT1o4Ifiq8DH7PUFAmkJTWcACgkQ4Ifiq8DH
7PUM7Q//b3iQD0au24ChgLSo1K8aNdL/kLtMvvKYuoKYpCavuJnrlqS83rBrv5jN
+RAI4uuAcCSGP5Y3w6DjBCT7baIZSdCcDl8J2JN5IXMsH0F9QT9yv54fnHgPgUBy
9veZJSXqNMrhAYrJTvfOYIiL8rTQ4wz3b75mcjiOG5nN/U7Rg2sTQzpmPqBxi1HW
xdb3E0zPkmufQNcxEx41JxGtNvcVQbmJfMx0DLL9PDR+vW25DXs7RnDIkGlJ+5E+
moQR1rPNVA2vAyE0Eu/zKN+c7i+j7qnWfITbr+4n89Lw+vYuLnVr3PjABjeVcKmJ
1j16Og6NcUZXNWNbw9bGmuBlfGtIjBR8ai5X+9CcXTT6FZ+LAD19YMzKAPlLWUGg
WEnrPw5ZsfTWW+mpEHTOknFdxxxkuHY+UlAMD5vln2u90Hvig0LjutEQmbm1a1A4
+T/z2uz44p0OUSj1KQc8ZOIj+Ohs/nJ6/j5MhNQKV3mDdnXoiBJJx3qEp8R4B8qs
AqApZj8usRY/AR515Wy5W/Mhn7fNhFxm4i/HzKf3cH3z0tseOJnwm+xB4rPjzn9y
OfSMWhoD1bHHXsO4FEEwuwTvfnKgqE00oB1MdTR0F9MQumv62yvUqHCpD3iYfx6P
KKh6f+MXf+p5J1mQio9Du9o4D2IFEQnXlXvI1fNKyvLIpXhYGE0=
=n1Pv
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/